Doc Bug #67744 Exclude parameters from signature
Submitted: 2014-08-02 03:26 UTC Modified: 2014-11-13 22:03 UTC
From: cweiske@php.net Assigned: cweiske (profile)
Status: Closed Package: oauth (PECL)
PHP Version: Irrelevant OS: Debian
Private report: No CVE-ID: None
 [2014-08-02 03:26 UTC] cweiske@php.net
Description:
------------
My webapp uses mod_rewrite to rewrite URLs for easier processing in PHP:
> /user/cweiske -> user.php?name=cweiske

OAuth clients use http://example.org/user/cweiske as URL and generate the signature for it.

OAuthProvider::checkOAuthRequest() uses the same URL because I pass it, but it also uses the GET parameter $_GET[name] during signature verification.

Unsetting it via unset($_GET['name']) unfortunately does not work, so I'm left with invalid signatures.

I see two solutions:

1. Read the modified $_GET array
2. Add an "ignoreParam" method to OAuthProvider

(this is with pecl/oauth 1.2.3)


 [2014-08-02 17:43 UTC] jawed@php.net
I think the bug here is the lack of documentation around ignoring parameters. Rasmus had a good example on his blog post @ http://toys.lerdorf.com/archives/55-Writing-an-OAuth-Provider-Service.html

Summary: you need to pass NULL as the value to OAuthProvider::setParam (i.e., $provider->setParam('name', NULL)).

I'll hold off on releasing 1.2.4 in case someone disagrees this is a documentation issue vs implementation.
 [2014-08-03 10:48 UTC] cweiske@php.net
-Type: Feature/Change Request +Type: Documentation Problem
 [2014-08-03 10:48 UTC] cweiske@php.net
I can confirm that setParam("foo", null); works.

So it is a problem of missing documentation.
 [2014-09-21 06:51 UTC] krakjoe@php.net
-Assigned To: +Assigned To: datibbaw
 [2014-09-21 06:51 UTC] krakjoe@php.net
Assigning to someone with a clue ...
 [2014-11-13 22:02 UTC] cweiske@php.net
Automatic comment from SVN on behalf of cweiske
Revision: http://svn.php.net/viewvc/?view=revision&revision=335181
Log: Fix doc bug #67744: Exclude parameters from signature
 [2014-11-13 22:03 UTC] cweiske@php.net
-Status: Assigned +Status: Closed -Assigned To: datibbaw +Assigned To: cweiske
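
The mismatch discussed in this report, as an added example that is not part of the original thread or of pecl/oauth: it builds the OAuth 1.0 signature base string (RFC 5849, HMAC-SHA1) for the client's URL, then verifies it on the server side with and without the rewritten `name` parameter. The helper functions, keys, secrets, nonce and timestamp are constructed for illustration; excluding `name` models the effect the thread reports for `$provider->setParam('name', NULL)`.

```php
<?php
// Added illustration in plain PHP (no pecl/oauth required).
// Consumer key, token, secrets, nonce and timestamp are constructed sample values.

// Signature base string per RFC 5849 section 3.4.1.
function signatureBaseString(string $method, string $url, array $params): string
{
    $pairs = [];
    foreach ($params as $name => $value) {
        $pairs[] = [rawurlencode((string) $name), rawurlencode((string) $value)];
    }
    // Sort by encoded name, then by encoded value, using byte order.
    usort($pairs, fn($a, $b) => strcmp($a[0], $b[0]) ?: strcmp($a[1], $b[1]));
    $normalized = implode('&', array_map(fn($p) => $p[0] . '=' . $p[1], $pairs));
    return strtoupper($method) . '&' . rawurlencode($url) . '&' . rawurlencode($normalized);
}

function hmacSha1Signature(string $base, string $consumerSecret, string $tokenSecret): string
{
    $key = rawurlencode($consumerSecret) . '&' . rawurlencode($tokenSecret);
    return base64_encode(hash_hmac('sha1', $base, $key, true));
}

$url = 'http://example.org/user/cweiske'; // what the client requests and signs
$oauthParams = [
    'oauth_consumer_key'     => 'sample-consumer',
    'oauth_token'            => 'sample-token',
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp'        => '1406949960',
    'oauth_nonce'            => 'constructed-nonce',
    'oauth_version'          => '1.0',
];
$serverGet = ['name' => 'cweiske']; // added by the rewrite to user.php?name=cweiske

// Client side: signs only what it sent.
$clientSig = hmacSha1Signature(signatureBaseString('GET', $url, $oauthParams), 'cs-secret', 'tk-secret');

// Server side, modelled two ways: with the rewritten parameter included, and with
// it excluded (the effect the thread reports for $provider->setParam('name', NULL)).
foreach (['included' => $oauthParams + $serverGet, 'excluded' => $oauthParams] as $label => $params) {
    $serverSig = hmacSha1Signature(signatureBaseString('GET', $url, $params), 'cs-secret', 'tk-secret');
    printf("name %s: %s\n", $label, hash_equals($clientSig, $serverSig) ? 'signature valid' : 'signature invalid');
}
```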